Merged revisions 80314-80315 via svnmerge from

author Antoine Pitrou <solipsis@pitrou.net>

Wed, 21 Apr 2010 19:41:28 +0000 (19:41 +0000)

committer Antoine Pitrou <solipsis@pitrou.net>

Wed, 21 Apr 2010 19:41:28 +0000 (19:41 +0000)
author Antoine Pitrou <solipsis@pitrou.net>
Wed, 21 Apr 2010 19:41:28 +0000 (19:41 +0000)
committer Antoine Pitrou <solipsis@pitrou.net>
Wed, 21 Apr 2010 19:41:28 +0000 (19:41 +0000)
diff --git a/Lib/test/sha256.pem b/Lib/test/sha256.pem

new file mode 100644 (file)

index 0000000..01878e9
--- /dev/null
+++ b/Lib/test/sha256.pem
@@ -0,0 +1,33 @@
+-----BEGIN CERTIFICATE-----
+MIIFxzCCA6+gAwIBAgIJALnlnf5uzTkIMA0GCSqGSIb3DQEBCwUAMEsxCzAJBgNV
+BAYTAkRFMRcwFQYDVQQKEw5zY2hva29rZWtzLm9yZzEjMCEGCSqGSIb3DQEJARYU
+aGFubm9Ac2Nob2tva2Vrcy5vcmcwHhcNMTAwMTI3MDAyMTI1WhcNMjAwMTI1MDAy
+MTI1WjBLMQswCQYDVQQGEwJERTEXMBUGA1UEChMOc2Nob2tva2Vrcy5vcmcxIzAh
+BgkqhkiG9w0BCQEWFGhhbm5vQHNjaG9rb2tla3Mub3JnMIICIjANBgkqhkiG9w0B
+AQEFAAOCAg8AMIICCgKCAgEApJ4ODPwEooMW35dQPlBqdvcfkEvjhcsA7jmJfFqN
+e/1T34zT44X9+KnMBSG2InacbD7eyFgjfaENFsZ87YkEBDIFZ/SHotLJZORQ8PUj
+YoxPG4mjKN+yL2WthNcYbRyJreTbbDroNMuw6tkTSxeSXyYFQrKMCUfErVbZa/d5
+RvfFVk+Au9dVUFhed/Stn5cv+a0ffvpyA7ygihm1kMFICbvPeI0846tmC2Ph7rM5
+pYQyNBDOVpULODTk5Wu6jiiJJygvJWCZ1FdpsdBs5aKWHWdRhX++quGuflTTjH5d
+qaIka4op9H7XksYphTDXmV+qHnva5jbPogwutDQcVsGBQcJaLmQqhsQK13bf4khE
+iWJvfBLfHn8OOpY25ZwwuigJIwifNCxQeeT1FrLmyuYNhz2phPpzx065kqSUSR+A
+Iw8DPE6e65UqMDKqZnID3dQeiQaFrHEV+Ibo0U/tD0YSBw5p33TMh0Es33IBWMac
+m7x4hIFWdhl8W522u6qOrTswY3s8vB7blNWqMc9n7oWH8ybFf7EgKeDVtEN9AyBE
+0WotXIEZWI+WvDbU1ACJXau9sQhYP/eerg7Zwr3iGUy4IQ5oUJibnjtcE+z8zmDN
+pE6YcMCLJyLjXiQ3iHG9mNXzw7wPnslTbEEEukrfSlHGgW8Dm+VrNyW0JUM1bntx
+vbMCAwEAAaOBrTCBqjAdBgNVHQ4EFgQUCedv7pDTuXtCxm4HTw9hUtrTvsowewYD
+VR0jBHQwcoAUCedv7pDTuXtCxm4HTw9hUtrTvsqhT6RNMEsxCzAJBgNVBAYTAkRF
+MRcwFQYDVQQKEw5zY2hva29rZWtzLm9yZzEjMCEGCSqGSIb3DQEJARYUaGFubm9A
+c2Nob2tva2Vrcy5vcmeCCQC55Z3+bs05CDAMBgNVHRMEBTADAQH/MA0GCSqGSIb3
+DQEBCwUAA4ICAQBHKAxA7WA/MEFjet03K8ouzEOr6Jrk2fZOuRhoDZ+9gr4FtaJB
+P3Hh5D00kuSOvDnwsvCohxeNd1KTMAwVmVoH+NZkHERn3UXniUENlp18koI1ehlr
+CZbXbzzE9Te9BelliSFA63q0cq0yJN1x9GyabU34XkAouCAmOqfSpKNZWZHGBHPF
+bbYnZrHEMcsye6vKeTOcg1GqUHGrQM2WK0QaOwnCQv2RblI9VN+SeRoUJ44qTXdW
+TwIYStsIPesacNcAQTStnHgKqIPx4zCwdx5xo8zONbXJfocqwyFqiAofvb9dN1nW
+g1noVBcXB+oRBZW5CjFw87U88itq39i9+BWl835DWLBW2pVmx1QTLGv0RNgs/xVx
+mWnjH4nNHvrjn6pRmqHZTk/SS0Hkl2qtDsynVxIl8EiMTfWSU3DBTuD2J/RSzuOE
+eKtAbaoXkXE31jCl4FEZLITIZd8UkXacb9rN304tAK92L76JOAV+xOZxFRipmvx4
++A9qQXgLhtP4VaDajb44V/kCKPSA0Vm3apehke9Wl8dDtagfos1e6MxSu3EVLXRF
+SP2U777V77pdMSd0f/7cerKn5FjrxW1v1FaP1oIGniMk4qQNTgA/jvvhjybsPlVA
+jsfnhWGbh1voJa0RQcMiRMsxpw2P1KNOEu37W2eq/vFghVztZJQUmb5iNw==
+-----END CERTIFICATE-----
diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py

index 5cfe7f14dbc6937ec448fb492ab71941144b246c..ad5864726596019be3df63dca532eb8b2141475e 100644 (file)
--- a/Lib/test/test_ssl.py
+++ b/Lib/test/test_ssl.py
@@ -190,6 +190,26 @@ class NetworkedTests(unittest.TestCase):
          if test_support.verbose:
              sys.stdout.write("\nVerified certificate for svn.python.org:443 is\n%s\n" % pem)
  
+    def test_algorithms(self):
+        # Issue #8484: all algorithms should be available when verifying a
+        # certificate.
+        # NOTE: https://sha256.tbs-internet.com is another possible test host
+        remote = ("sha2.hboeck.de", 443)
+        sha256_cert = os.path.join(os.path.dirname(__file__), "sha256.pem")
+        s = ssl.wrap_socket(socket.socket(socket.AF_INET),
+                            cert_reqs=ssl.CERT_REQUIRED,
+                            ca_certs=sha256_cert,)
+        with test_support.transient_internet():
+            try:
+                s.connect(remote)
+                if test_support.verbose:
+                    sys.stdout.write("\nCipher with %r is %r\n" %
+                                     (remote, s.cipher()))
+                    sys.stdout.write("Certificate is:\n%s\n" %
+                                     pprint.pformat(s.getpeercert()))
+            finally:
+                s.close()
+
  
  try:
      import threading
diff --git a/Misc/NEWS b/Misc/NEWS

index 549eaa42772e15128362ae8c89656564e3db8530..13720892eb89732d83e39e5bed0e929592d14d3b 100644 (file)
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -33,6 +33,10 @@ Core and Builtins
  Library
  -------
  
+- Issue #8484: Load all ciphers and digest algorithms when initializing
+  the _ssl extension, such that verification of some SSL certificates
+  doesn't fail because of an "unknown algorithm".
+
  - Issue #4814: timeout parameter is now applied also for connections resulting
    from PORT/EPRT commands.
  
diff --git a/Modules/_ssl.c b/Modules/_ssl.c

index fd3b33ae5fc6f999c0ec164d9bf5785fb09dc159..73e0c792359c4323e5f4fa4ea55abd69ab383fef 100644 (file)
--- a/Modules/_ssl.c
+++ b/Modules/_ssl.c
@@ -1581,13 +1581,14 @@ init_ssl(void)
  
         /* Init OpenSSL */
         SSL_load_error_strings();
+       SSL_library_init();
  #ifdef WITH_THREAD
         /* note that this will start threading if not already started */
         if (!_setup_ssl_threads()) {
                 return;
         }
  #endif
-       SSLeay_add_ssl_algorithms();
+       OpenSSL_add_all_algorithms();
  
         /* Add symbols to module dict */
         PySSLErrorObject = PyErr_NewException("ssl.SSLError",
author	Antoine Pitrou <solipsis@pitrou.net>
	Wed, 21 Apr 2010 19:41:28 +0000 (19:41 +0000)
committer	Antoine Pitrou <solipsis@pitrou.net>
	Wed, 21 Apr 2010 19:41:28 +0000 (19:41 +0000)
Lib/test/sha256.pem	[new file with mode: 0644]	patch \| blob
Lib/test/test_ssl.py		patch \| blob \| history
Misc/NEWS		patch \| blob \| history
Modules/_ssl.c		patch \| blob \| history